Dusseldorf The cloud presents companies and public authorities with a dilemma: they don’t want to do without the technology, but they fear losing control over their data. This applies in particular if the provider is based outside the EU and is therefore subject to a different jurisdiction.
The US corporations Microsoft, Google and Oracle are therefore working on cloud services with special protection. The promise is “digital sovereignty” – without filling the term with specific content. As the last major provider on Monday also Amazon Web Services (AWS) announced plans for additional controls.
Control over digital assets is more important now than ever, wrote Matt Garman, AWS director of sales and marketing. in a blog post. In many places, both the legislators and the regulatory authorities have developed their requirements for IT security and privacy steadily further. The group therefore promises data sovereignty with the “Digital Sovereignty Pledge”.
Experts see the market leader under pressure. “AWS had to respond to the announcements of Microsoft and Google are reacting,” said René Büst, an analyst at market research and consulting firm Gartner.
Top jobs of the day
Find the best jobs now and
be notified by email.
AWS also leaves many details vague. Top manager Garman promised, for example, that the group would continue to work on “flexibly and innovatively adapting our offer to the ever-changing needs and requirements of customers and regulators”.
Concerns when using cloud services
A Study of Counseling Capgemini according to those responsible in many international corporations have concerns about the use of cloud services. Around two thirds are concerned about a lack of control over their data and fear of being dependent on foreign providers.
Concerns are likely to be great, especially in Europe. With judgments in 2015 and 2020, the European Court of Justice declared the previously valid legal basis for data transfers to be invalid. He argued that the level of data protection in the United States does not meet EU standards and, above all, secret services have disproportionate access rights.
According to data protection experts, the fact that AWS, Google and Microsoft store customer data in European data centers is not enough to protect against unlawful access. They warn that, based on the Cloud Act, American authorities can require them to provide information that is outside of the United States are saved.
The following shows a current example that affects Microsoft. The data protection conference (DSK) of the independent federal and state data protection authorities recently declared that the Microsoft 365 program package cannot be used in accordance with the law – at least not without additional technical measures. This should pose problems for many companies, authorities and schools.
New controls for AWS products
The EU and USA are currently trying to find a new solution. US President Joe Biden has issued a regulation to ensure a higher level of data protection. However, some cloud service providers do not want to rely on this – and therefore promise “digital sovereignty” themselves.
AWS has long held back in this discussion. Now the company promises to equip its own cloud with additional control mechanisms, for example to protect against unauthorized access and to encrypt data. In addition, there should be a control of the identity and billing data of customers.
However, the cloud service provider is lagging behind the announcements made by Microsoft and Google. The competitors are working on offers in which they only supply the cloud technology – European IT service providers take care of the operation of the data centers independently.
“AWS makes the mistake of exclusively digital sovereignty with data security and privacy equate,” Gartner analyst René Büst told Handelsblatt. In the case of digital sovereignty, in addition to control over the data, it is also important who develops the technology and who operates the data center. “Operatively, AWS is still the master of the house.”
The market leader may even make improvements: He promised to “expand and develop the range of sovereign and resilient options”. The announcement should be seen as an offer to talk, stressed Michael Hanisch, who acts as “Head of Technology” in Germany, to the Handelsblatt.
For user companies, the requirements imposed by laws and government authorities are too complex: “That’s why it’s important that we position ourselves and work on solutions together with customers.”